From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 9423 invoked by alias); 20 Nov 2003 00:13:12 -0000 Mailing-List: contact cygwin-xfree-help@cygwin.com; run by ezmlm Precedence: bulk List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-xfree-owner@cygwin.com Mail-Followup-To: cygwin-xfree@cygwin.com Reply-To: cygwin-xfree@cygwin.com Received: (qmail 9330 invoked from network); 20 Nov 2003 00:13:10 -0000 Received: from unknown (HELO evo.keithp.com) (63.227.221.253) by sources.redhat.com with SMTP; 20 Nov 2003 00:13:10 -0000 Received: from keithp (helo=evo.keithp.com) by evo.keithp.com with local-esmtp (Exim 3.36 #1 (Debian)) id 1AMcRR-0000Ba-00; Wed, 19 Nov 2003 16:13:01 -0800 To: Dave Dodge cc: Alan Coopersmith , "roland@webde" , Keith Whitwell , Keith Packard , cygwin-xfree@cygwin.com, xserver@pdx.freedesktop.org Subject: Re: security, cvs, was Re: interface bindings of x-server From: Keith Packard In-reply-to: Your message of "Wed, 19 Nov 2003 18:49:36 EST." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 20 Nov 2003 00:13:00 -0000 Message-Id: X-SW-Source: 2003-11/txt/msg00292.txt.bz2 List-Id: Around 18 o'clock on Nov 19, Dave Dodge wrote: > [I realize xauth, or changing permissions on the unix socket, could > probably solve this as well. But the localhost method is really, > really easy :-] When you say 'xhost +localhost' you're also granting permission for applications to connect throught the unix domain socket. On a system with Unix domain sockets, it's hard to see a valid use for 127.0.0.1:6000. This is in no way meant to disuade people from adding suitable options to configure which interfaces the (deprecated) IP listening sockets should bind to; I think that's a very useful idea. I'm just trying to show that the need for any IP connections is even less than people imagine. -keith